# Configure a SUNET CDN DB server class cdn::db( String $postgres_version = '17.0-bookworm', ) { $db_secrets = lookup({ 'name' => 'cdn::db-secrets', 'default_value' => undef }) if $db_secrets { file { '/opt/sunet-cdn': ensure => directory, owner => 'root', group => 'root', mode => '0755', } file { '/opt/sunet-cdn/compose': ensure => directory, owner => 'root', group => 'root', mode => '0750', } file { '/opt/sunet-cdn/db': ensure => directory, owner => 'root', group => 'root', mode => '0750', } # User/group 999 matches postgres user in container file { '/opt/sunet-cdn/db/conf': ensure => directory, owner => '999', group => '999', mode => '0750', } file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d': ensure => directory, owner => '999', group => '999', mode => '0750', } file { '/opt/sunet-cdn/db/conf/init-cdn-db.conf': ensure => file, owner => '999', group => '999', mode => '0640', content => template('cdn/db/init-cdn-db.conf.erb'), } file { '/opt/sunet-cdn/db/docker-entrypoint-initdb.d/init-cdn-db.sh': ensure => file, owner => '999', group => '999', mode => '0750', content => file('cdn/db/init-cdn-db.sh'), } sunet::nftables::docker_expose { 'postgres-db' : allow_clients => '127.0.0.1', port => 5432, iif => $facts['networking']['primary'], } sunet::docker_compose { 'sunet-cdn-db': content => template('cdn/db/docker-compose.yml.erb'), service_name => 'cdn-db', compose_dir => '/opt/sunet-cdn/compose', compose_filename => 'docker-compose.yml', description => 'SUNET CDN DB', } } }